
CVE-2023-51393 – Potential DoS due to BusFault and Assert in Ember ZNet legacy packet buffer
https://notcve.org/view.php?id=CVE-2023-51393
23 Feb 2024 — Due to an allocation of resources without limits, an uncontrolled resource consumption vulnerability exists in Silicon Labs Ember ZNet SDK prior to v7.4.0.0 (delivered as part of Silicon Labs Gecko SDK v4.4.0) which may enable attackers to trigger a bus fault and crash of the device, requiring a reboot in order to rejoin the network. • https://community.silabs.com/068Vm000001NaAM • CWE-400: Uncontrolled Resource Consumption; CWE-770: Allocation of Resources Without Limits or Throttling

CVE-2023-51394 – Potential DoS for EFR32xxx parts in high traffic environments due to null buffer dereference / crash
https://notcve.org/view.php?id=CVE-2023-51394
23 Feb 2024 — High traffic environments may result in NULL Pointer Dereference vulnerability in Silicon Labs's Ember ZNet SDK before v7.4.0, causing a system crash. • https://community.silabs.com/068Vm000001NL4u • CWE-476: NULL Pointer Dereference

CVE-2023-51392 – Silicon Labs EFR32xxx parts with classic key storage do not use hardware accelerated AES-CCM
https://notcve.org/view.php?id=CVE-2023-51392
23 Feb 2024 — Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis side-channel attacks. • https://community.silabs.com/068Vm000001BKm6 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm; CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation

CVE-2023-6640 – Silicon Labs PC Controller v5.54.0 and Earlier Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-6640
21 Feb 2024 — Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier. • https://community.silabs.com/068Vm000001HdNm • CWE-248: Uncaught Exception; CWE-754: Improper Check for Unusual or Exceptional Conditions

CVE-2023-6533 – Silicon Labs PC Controller Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-6533
21 Feb 2024 — Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0 and earlier. • https://community.silabs.com/068Vm000001HdNm • CWE-248: Uncaught Exception; CWE-345: Insufficient Verification of Data Authenticity; CWE-419: Unprotected Primary Channel; CWE-754: Improper Check for Unusual or Exceptional Conditions

CVE-2024-22473 – Uninitialized TRNG used for ECDSA after EM2/EM3 sleep for VSE devices
https://notcve.org/view.php?id=CVE-2024-22473
21 Feb 2024 — TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation. This issue affects Gecko SDK through v4.4.0. • https://community.silabs.com/068Vm000001FrjT • CWE-330: Use of Insufficiently Random Values; CWE-331: Insufficient Entropy; CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG); CWE-908: Use of Uninitialized Resource; CWE-1279: Cryptographic Operations are run Before Supporting Units are Ready

CVE-2024-0240 – Silicon Labs EFR32 Bluetooth stack denial of service when sending notifications to multiple clients
https://notcve.org/view.php?id=CVE-2024-0240
15 Feb 2024 — A memory leak in Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients, which causes all Bluetooth operations, such as advertising and scanning, to stop. • https://community.silabs.com/069Vm000001AjEfIAK • CWE-400: Uncontrolled Resource Consumption; CWE-401: Missing Release of Memory after Effective Lifetime

CVE-2023-6874 – Zigbee Unauthenticated DoS via NWK Sequence number manipulation
https://notcve.org/view.php?id=CVE-2023-6874
05 Feb 2024 — Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of the NWK sequence number. • https://community.silabs.com/069Vm000000WXaOIAW • CWE-312: Cleartext Storage of Sensitive Information; CWE-754: Improper Check for Unusual or Exceptional Conditions

CVE-2023-6387 – Incorrect buffer parsing in Bluetooth LE sample code may lead to buffer overflow
https://notcve.org/view.php?id=CVE-2023-6387
02 Feb 2024 — A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execution. • https://github.com/A3ST1CODE/CVE_6387 • CWE-125: Out-of-bounds Read; CWE-131: Incorrect Calculation of Buffer Size; CWE-787: Out-of-bounds Write

CVE-2023-5138 – Glitch detection not active by default in Silicon Labs Secure Vault High devices
https://notcve.org/view.php?id=CVE-2023-5138
03 Jan 2024 — Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs Secure Vault High parts EFx32xG2xB, except EFR32xG21B. • https://community.silabs.com/069Vm0000004f6DIAQ • CWE-909: Missing Initialization of Resource; CWE-1319: Improper Protection against Electromagnetic Fault Injection (EM-FI)